<%
=begin
apps: postgresql-ha
platforms: kubernetes, tanzu-application-catalog
id: configure_ldap
title: LDAP configuration
category: configuration
weight: 50
=end %>

LDAP support can be enabled in the chart by specifying the *ldap.* parameters while creating a release. The following parameters should be configured to properly enable the LDAP support in the chart.

* *ldap.enabled*: Enable LDAP support. Defaults to false.
* *ldap.uri*: LDAP URL beginning in the form ldap[s]://<hostname>:<port>. No defaults.
* *ldap.base*: LDAP base DN. No defaults.
* *ldap.binddn*: LDAP bind DN. No defaults.
* *ldap.bindpw*: LDAP bind password. No defaults.
* *ldap.bslookup*: LDAP base lookup. No defaults.
* *ldap.nss_initgroups_ignoreusers*: LDAP ignored users. root,nslcd.
* *ldap.scope*: LDAP search scope. No defaults.
* *ldap.tls_reqcert*: LDAP TLS check on server certificates. No defaults.

For example:

~~~
ldap.enabled="true"
ldap.uri="ldap://my_ldap_server"
ldap.base="dc=example\,dc=org"
ldap.binddn="cn=admin\,dc=example\,dc=org"
ldap.bindpw="admin"
ldap.bslookup="ou=group-ok\,dc=example\,dc=org"
ldap.nss_initgroups_ignoreusers="root\,nslcd"
ldap.scope="sub"
ldap.tls_reqcert="demand"
~~~

Next, login to the PostgreSQL server using the psql client and add the PAM authenticated LDAP users.
